1#!/bin/sh -e
2
3# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
4#
5# SPDX-License-Identifier: MPL-2.0
6#
7# This Source Code Form is subject to the terms of the Mozilla Public
8# License, v. 2.0.  If a copy of the MPL was not distributed with this
9# file, you can obtain one at https://mozilla.org/MPL/2.0/.
10#
11# See the COPYRIGHT file distributed with this work for additional
12# information regarding copyright ownership.
13
14set -e
15
16. ../conf.sh
17
18set -u
19
20touch empty
21
22Z=cds.test
23
24keyz=$($KEYGEN -q -a $DEFAULT_ALGORITHM $Z)
25key1=$($KEYGEN -q -a $DEFAULT_ALGORITHM -f KSK $Z)
26key2=$($KEYGEN -q -a $DEFAULT_ALGORITHM -f KSK $Z)
27
28idz=$(keyfile_to_key_id $keyz)
29id1=$(keyfile_to_key_id $key1)
30id2=$(keyfile_to_key_id $key2)
31
32cat <<EOF >vars.sh
33Z=$Z
34key1=$key1
35key2=$key2
36idz=$idz
37id1=$id1
38id2=$id2
39EOF
40
41tac() {
42  $PERL -e 'print reverse <>'
43}
44
45convert() {
46  key=$1
47  n=$2
48  $DSFROMKEY -12 $key >DS.$n
49  grep " ${DEFAULT_ALGORITHM_NUMBER} 1 " DS.$n >DS.$n-1
50  grep " ${DEFAULT_ALGORITHM_NUMBER} 2 " DS.$n >DS.$n-2
51  sed 's/ IN DS / IN CDS /' <DS.$n >>CDS.$n
52  sed 's/ IN DS / IN CDS /' <DS.$n-1 >>CDS.$n-1
53  sed 's/ IN DS / IN CDS /' <DS.$n-2 >>CDS.$n-2
54  sed 's/ IN DNSKEY / IN CDNSKEY /' <$key.key >CDNSKEY.$n
55  sed 's/ IN DS / 3600 IN DS /' <DS.$n >DS.ttl$n
56  sed 's/ IN DS / 7200 IN DS /' <DS.$n >DS.ttlong$n
57  tac <DS.$n >DS.rev$n
58}
59convert $key1 1
60convert $key2 2
61
62# consistent order wrt IDs
63sort DS.1 DS.2 >DS.both
64
65cp DS.1 DS.inplace
66$PERL -we 'utime time, time - 7200, "DS.inplace" or die'
67
68mangle="$PERL mangle.pl"
69
70$mangle " IN DS $id1 ${DEFAULT_ALGORITHM_NUMBER} 1 " <DS.1 >DS.broke1
71$mangle " IN DS $id1 ${DEFAULT_ALGORITHM_NUMBER} 2 " <DS.1 >DS.broke2
72$mangle " IN DS $id1 ${DEFAULT_ALGORITHM_NUMBER} [12] " <DS.1 >DS.broke12
73
74sed 's/^/update add /
75$a\
76send
77' <DS.2 >UP.add2
78
79sed 's/^/update del /
80$a\
81send
82' <DS.1 >UP.del1
83
84cat UP.add2 UP.del1 | sed 3d >UP.swap
85
86sed 's/ add \(.*\) IN DS / add \1 3600 IN DS /' <UP.swap >UP.swapttl
87
88sign() {
89  cat >db.$1
90  $SIGNER >/dev/null \
91    -S -O full -o $Z -f sig.$1 db.$1
92}
93
94sign null <<EOF
95\$TTL 1h
96@	SOA	localhost.	root.localhost. (
97		1	; serial
98		1h	; refresh
99		1h	; retry
100		1w	; expiry
101		1h	; minimum
102		)
103;
104	NS	localhost.
105;
106EOF
107
108cat sig.null CDS.1 >brk.unsigned-cds
109
110cat db.null CDS.1 | sign cds.1
111cat db.null CDS.2 | sign cds.2
112cat db.null CDS.1 CDS.2 | sign cds.both
113
114tac <sig.cds.1 >sig.cds.rev1
115
116cat db.null CDNSKEY.2 | sign cdnskey.2
117cat db.null CDS.2 CDNSKEY.2 | sign cds.cdnskey.2
118cat db.null CDS.1 CDNSKEY.2 | sign cds1.cdnskey2
119
120cat db.null CDS.2-1 | sign cds.2.sha1
121cat db.null CDS.2-1 CDNSKEY.2 | sign cds.cdnskey.2.sha1
122
123$mangle '\s+IN\s+RRSIG\s+CDS .* '$idz' '$Z'\. ' \
124  <sig.cds.1 >brk.rrsig.cds.zsk
125$mangle '\s+IN\s+RRSIG\s+CDS .* '$id1' '$Z'\. ' \
126  <sig.cds.1 >brk.rrsig.cds.ksk
127
128$mangle " IN CDS $id1 ${DEFAULT_ALGORITHM_NUMBER} 1 " <db.cds.1 \
129  | sign cds-mangled
130
131bad=$($PERL -le "print ($id1 ^ 255);")
132sed "s/IN CDS $id1 ${DEFAULT_ALGORITHM_NUMBER} 1 /IN CDS $bad ${DEFAULT_ALGORITHM_NUMBER} 1 /" <db.cds.1 \
133  | sign bad-digests
134
135sed "/IN CDS $id1 ${DEFAULT_ALGORITHM_NUMBER} /p;s//IN CDS $bad $ALTERNATIVE_ALGORITHM_NUMBER /" <db.cds.1 \
136  | sign bad-algos
137
138rm -f dsset-*
139